A nonfinal class or method that is not meant to be inherited can be overridden by an attacker if it is not declared as final [McGraw 00], Chapter Seven (http://www.securingjava.com/chapter-seven/chapter-seven-1.html), Rule 3: "Make Everything Final, Unless There's a Good Reason Not To".

If inheritance is to be limited to trusted implementations for a public, nonfinal class, then the class type should be confirmed before creating the instance at each place where an instance of the nonfinal class can be created. A SecurityManager check should be enforced on detecting a subclass (Chapter 6 of [Gong 03]).

A nonfinal class can be subverted simply by declaring a malicious class that inherits from the nonfinal class, which implies that there is no need for reflection. However, reflection is necessary if the nonfinal class is private or otherwise inaccessible to the attacker.
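The type confirmation and SecurityManager check described above, as an added Java example that is not part of the original page. The class name AccountService and the permission name are hypothetical.

```java
import java.security.Permission;

// Added example: AccountService and the permission name are hypothetical.
public class AccountService {
    // Constructed permission name; a policy would grant it only to trusted code.
    private static final Permission SUBCLASS_PERMISSION =
        new RuntimePermission("example.accountService.subclass");

    public AccountService() {
        // getClass() returns the runtime class, so it reveals a subclass even
        // though this constructor body belongs to AccountService.
        confirmType(getClass());
        // Sensitive initialization would continue here, after the check.
    }

    // SecurityManager is deprecated for removal since Java 17 (JEP 411).
    @SuppressWarnings("removal")
    private static void confirmType(Class<?> actual) {
        if (actual == AccountService.class) {
            return; // exact type: nothing further to confirm
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Throws SecurityException unless every protection domain on the
            // call stack, including the subclass's, holds the permission.
            sm.checkPermission(SUBCLASS_PERMISSION);
        }
        // With no security manager installed the subclass is not rejected.
    }

    public static void main(String[] args) {
        new AccountService(); // exact type, no permission check
        try {
            // An anonymous subclass is enough to trigger the check; no
            // reflection is involved because the class is public.
            new AccountService() { };
            System.out.println("subclass permitted");
        } catch (SecurityException e) {
            System.out.println("subclass rejected: " + e.getMessage());
        }
    }
}
```

The check only has an effect when a security manager is installed and the policy withholds the permission from untrusted code.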

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website

...

References

[McGraw 00]
[Lai 08]
[SCG 07] Secure Coding Guidelines for the Java Programming Language, Guideline 1-2 "Limit the extensibility of classes and methods"
[Gong 03]
[Bloch 08] Item 1: "Consider static factory methods instead of constructors"

...